06399e90bc
not trust jails enough to execute audit related system calls. An example of this is with su(1), or login(1) within prisons. So, if the syscall request comes from a jail return ENOSYS. This will cause these utilities to operate as if audit is not present in the kernel. Looking forward, this problem will be remedied by allowing non privileged users to maintain and their own audit streams, but the details on exactly how this will be implemented needs to be worked out. This change should fix situations when options AUDIT has been compiled into the kernel, and utilities like su(1), or login(1) fail due to audit system call failures within jails. This is a RELENG_6 candidate. Reported by: Christian Brueffer Discussed with: rwatson MFC after: 3 days |
||
|---|---|---|
| .. | ||
| audit_arg.c | ||
| audit_bsm_klib.c | ||
| audit_bsm_token.c | ||
| audit_bsm.c | ||
| audit_ioctl.h | ||
| audit_pipe.c | ||
| audit_private.h | ||
| audit_syscalls.c | ||
| audit_trigger.c | ||
| audit_worker.c | ||
| audit.c | ||
| audit.h | ||